Re: controversial paper

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 09/27/03


Date: Sat, 27 Sep 2003 00:26:28 GMT


"kurt wismer" <kurtw@sympatico.ca> wrote in message
news:ip4db.13957$yD1.1571998@news20.bellglobal.com...
> Tom St Denis wrote:
> [snip]
> > The net sum of the paper is "windows bad because it has flaws". Well you
>
> y'know, that's not how i read it... i read it as "windows is bad
> because it's too widespread"...
>
> the big issue seemed to be the "monoculture", where everyone has
> exactly the same set of vulnerabilities installed as everyone else,
> thereby making the potential collapse of our technological
> infrastructure much more feasible...

Perhaps. I stopped reading it a few pages in because of how ludicrous it
is. Essentially smells of /.

> [snip]
> > If anything switching OSes will only make the problem worse. GNU/Linux is
> > much harder for a newbie to setup correctly and more likely to fall to
> > attack [just ask anyone off the street what say "/etc/init.d/sshd stop"
> > means...]
>
> i think you're missing the larger picture - vulnerabilities will always
> be with us, individual platforms will always face these problems and
> the people who use those platforms will always make mistakes... it's
> far better, however, if the infrastructure as a whole has redundancies
> that are diverse in their technological nature so that a single
> vulnerability can't bring down everything...

At what cost though? I mean by this logic an office of immigration workers
should have to deal with what, 8 different OSes on 16 different types of
computers just in case one gets a virus? Also if the paper was just about
the deployment of Windows and not its quality why would the dude have been
fired?

The thing is [what the paper misses] is not all windows installations are the
same. I installed my windows behind a firewall and did all of the updates
before installing anything else. Many others I know don't even get as far
as SP1 before browsing the web... So just because some poorly set up
government shop gets rooted doesn't mean that's windows' vast deployment's
fault.

Though I agree that diversity is good I don't think the solution is jumping
on windows. Quite a few problems can be fixed just by properly setting up
computers before deploying them.

Tom


